Skip to main content
Kinetic Community

Active Directory Group Create

Creates an Active Directory group entry and uses the provided parameter values to specify common attributes. This handler will fail if the group already exists.


By downloading this file, you acknowledge that you agree to our Terms of Service

Detailed Description

This handler will use the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP) and create a group entry.
In order to build up the Distinguished Name (a unique identifier for the active directory user entry), the handler uses a template specified as a task info value.
The following entry attributes are set once the user entry is created:
* Direct Mappings
  - name              => Group Name
  - mail              => Email Address
  - description       => Description
  - info              => Notes
* Computed Mappings
  - grouptype         => Numerical representation of the group scope and type.
* Special Attributes
  - objectclass       => [top,group]
Task Info Configuration
* *dn_format* - This value is used to specify the distinguished name of the Active Directory group entry to be created.  Anything within curly braces {} will be replaced with the value of the entry attribute or task info value associated with that key. For example, the default format is 'CN={displayname},CN=Users,{base}'.  In this case {displayname} is replaced with the displayname attribute value and {base} is replaced with the value of the 'base' task info value.  A full list of available entry attributes is available above.  If you use organizational units they can be substituted into the distinguished name in this manner.


Name Description
Group Name The name of the group to be created
Description The description of this group
Email Address
The Email Address for this group.  Active Directory can be configured so that
  all members of a group are notified when the group receives an Email
Group Scope
  Security groups or distribution groups are characterized by a scope that
  identifies how they are applied in the domain tree or forest.
  There are three group scopes: universal, global, and domain local.
Group Type
  There are two group types, security and distribution.  Security groups allow
  you to manage user and computer access to shared resources.  Distribution
  groups are intended to be used solely as email distribution lists.
Notes Additional Information about the group

Sample Configuration

Parameter Example Configuration
Group Name:: <%=@results['New Group Name']%>
Description::  Allows access to the accounting resources
Email Address::
Group Scope:: Global
Group Type:: Security
Notes:: <%=@results['Notes']%>


Name Description
Distinguished Name:: CN=Accounting,CN=Users,DC=kineticdata,DC=com

Change Log

Version Date Description
v1 2011-01-24 Initial Version
v2 2014-08-05 Changed the password info value to be encrypted.